Researchers Crack Every Certified CA Voting Machine 154
ewhac writes "The San Francisco Chronicle is reporting that computer security researchers throughout the University of California system managed to crack the security on every voting machine they tested that has been approved for use in the state. The researchers are unwilling to say how vulnerable the machines are, as the tests were conducted in an environment highly advantageous to the testers. They had complete access to the devices' source code and unlimited time to try and crack the machines. No malicious code was found in any of the machines, but Matt Bishop, who led the team from UC Davis, was surprised by the weakness of the security measures employed. The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."
Re:What's wrong with paper? (Score:5, Interesting)
The problem with paper is...it's slow. Don't get me wrong, I don't see that as a problem; I am of the school of thought that it is no disadvantage to take a week or so to count ballots by hand. However, the public has an expectation (cultivated as it has been by TV media, mostly) that elections are to be decided ASAP. I don't know how to ween folks off of such an expectation, esp. since there is a profit motive in minute-by-minute coverage. It is hard in the Internet age to get people to understand why everything can't be as fast as a Google search.
I'm not crazy about exit polls, either, though if done accurately enough (i.e. large enough sample sizes, unbiased methodology) should be able to provide a good indication of results quickly even with a paper ballot system.
I'm completely spitballing here, but I imagine that psychologically the image of a computer as the instrument of an election is more reassuring to people (who, by and large, use computers for many routine tasks) than paper, which conjures notions of impermanence and fragility and a history of "stuffed ballot boxes" and other shenanigans; while computers in reality may be more vulnerable to such shenanigans, they do not as easily lend to such an image, and so combined with their inner mysterious mechanics, they are more easily trusted. People, scarred by the disintegrating trustworthiness of their government, desperately want some part of the political process to place their faith in.
Better to be decertifier than certifier. (Score:1, Interesting)
The decertifier can retire the certifier's licence and suspend the enterprise's certification.
Re:And the problem with paper was? (Score:1, Interesting)
Next you need to find the fools who selected these machines and punish them , make their certifications public, thereby ruining reputations of people who did a very poor job.
Australia and some other foreign countries DO have working voting software, loaded with many checksums and hashes, so that IF there was a fiddle, you can 'play back' the transactions, and detect something is wrong.
Very hard to believe American stuff that calls a bunch of VB calling Excel routines with a front dressing passed muster, let alone USB ports with autoplay switched on.